January 2023 - Linux-stable-mirror

by Tom Saeger

Build ID on arm64 is broken if CONFIG_MODVERSIONS=y on 5.4, 5.10, and 5.15 I've build tested on {x86_64, arm64, riscv, powerpc, s390, sh} Without these patches Build ID is missing for arm64 (ld >= 2.36): $ readelf -n vmlinux | grep "Build ID" *NOTE* to following is not in mainline, yet: [PATCH 5.10 fix build id for arm64 5/5] sh: define RUNTIME_DISCARD_EXIT https://lore.kernel.org/all/9166a8abdc0f979e50377e61780a4bba1dfa2f52.167451… Masahiro Yamada (2): arch: fix broken BuildID for arm64 and riscv s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 Michael Ellerman (2): powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT powerpc/vmlinux.lds: Don't discard .rela* for relocatable builds Tom Saeger (1): sh: define RUNTIME_DISCARD_EXIT arch/powerpc/kernel/vmlinux.lds.S | 6 +++++- arch/s390/kernel/vmlinux.lds.S | 2 ++ arch/sh/kernel/vmlinux.lds.S | 2 ++ include/asm-generic/vmlinux.lds.h | 5 +++++ 4 files changed, 14 insertions(+), 1 deletion(-) base-commit: 179624a57b78c02de833370b7bdf0b0f4a27ca31 -- 2.39.1

2 years

2
6
0 0

[PATCH 5.10 0/1] i40e: Add checking for null for nlmsg_find_attr()

by Natalia Petrova

The remark about the error code by Simon Horman <simon.horman(a)corigine.com> was taken into account. Return value -ENOENT was changed to -EINVAL. Found by Linux Verification Center (linuxtesting.org) with SVACE.

2 years

4
5
0 0

[PATCH v2 RESEND] tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem

by Joel Fernandes (Google)

For CONFIG_NO_HZ_FULL systems, the tick_do_timer_cpu cannot be offlined. However, cpu_is_hotpluggable() still returns true for those CPUs. This causes torture tests that do offlining to end up trying to offline this CPU causing test failures. Such failure happens on all architectures. Fix it by asking the opinion of the nohz subsystem on whether the CPU can be hotplugged. [ Apply Frederic Weisbecker feedback on refactoring tick_nohz_cpu_down(). ] For drivers/base/ portion: Acked-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Frederic Weisbecker <frederic(a)kernel.org> Cc: "Paul E. McKenney" <paulmck(a)kernel.org> Cc: Zhouyi Zhou <zhouzhouyi(a)gmail.com> Cc: Will Deacon <will(a)kernel.org> Cc: Marc Zyngier <maz(a)kernel.org> Cc: rcu <rcu(a)vger.kernel.org> Cc: stable(a)vger.kernel.org Fixes: 2987557f52b9 ("driver-core/cpu: Expose hotpluggability to the rest of the kernel") Signed-off-by: Joel Fernandes (Google) <joel(a)joelfernandes.org> --- Sorry, resending with CC to stable. drivers/base/cpu.c | 3 ++- include/linux/tick.h | 2 ++ kernel/time/tick-sched.c | 11 ++++++++--- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c index 55405ebf23ab..450dca235a2f 100644 --- a/drivers/base/cpu.c +++ b/drivers/base/cpu.c @@ -487,7 +487,8 @@ static const struct attribute_group *cpu_root_attr_groups[] = { bool cpu_is_hotpluggable(unsigned int cpu) { struct device *dev = get_cpu_device(cpu); - return dev && container_of(dev, struct cpu, dev)->hotpluggable; + return dev && container_of(dev, struct cpu, dev)->hotpluggable + && tick_nohz_cpu_hotpluggable(cpu); } EXPORT_SYMBOL_GPL(cpu_is_hotpluggable); diff --git a/include/linux/tick.h b/include/linux/tick.h index bfd571f18cfd..9459fef5b857 100644 --- a/include/linux/tick.h +++ b/include/linux/tick.h @@ -216,6 +216,7 @@ extern void tick_nohz_dep_set_signal(struct task_struct *tsk, enum tick_dep_bits bit); extern void tick_nohz_dep_clear_signal(struct signal_struct *signal, enum tick_dep_bits bit); +extern bool tick_nohz_cpu_hotpluggable(unsigned int cpu); /* * The below are tick_nohz_[set,clear]_dep() wrappers that optimize off-cases @@ -280,6 +281,7 @@ static inline void tick_nohz_full_add_cpus_to(struct cpumask *mask) { } static inline void tick_nohz_dep_set_cpu(int cpu, enum tick_dep_bits bit) { } static inline void tick_nohz_dep_clear_cpu(int cpu, enum tick_dep_bits bit) { } +static inline bool tick_nohz_cpu_hotpluggable(unsigned int cpu) { return true; } static inline void tick_dep_set(enum tick_dep_bits bit) { } static inline void tick_dep_clear(enum tick_dep_bits bit) { } diff --git a/kernel/time/tick-sched.c b/kernel/time/tick-sched.c index 9c6f661fb436..63e3e8ebcd64 100644 --- a/kernel/time/tick-sched.c +++ b/kernel/time/tick-sched.c @@ -510,7 +510,7 @@ void __init tick_nohz_full_setup(cpumask_var_t cpumask) tick_nohz_full_running = true; } -static int tick_nohz_cpu_down(unsigned int cpu) +bool tick_nohz_cpu_hotpluggable(unsigned int cpu) { /* * The tick_do_timer_cpu CPU handles housekeeping duty (unbound @@ -518,8 +518,13 @@ static int tick_nohz_cpu_down(unsigned int cpu) * CPUs. It must remain online when nohz full is enabled. */ if (tick_nohz_full_running && tick_do_timer_cpu == cpu) - return -EBUSY; - return 0; + return false; + return true; +} + +static int tick_nohz_cpu_down(unsigned int cpu) +{ + return tick_nohz_cpu_hotpluggable(cpu) ? 0 : -EBUSY; } void __init tick_nohz_init(void) -- 2.39.1.405.gd4c25cc71f-goog

2 years

4
8
0 0

Chasing a 'use after free' bug of SCSI subsystem for linux-stable 5.15.y

by Zhouyi Zhou

Dear SCSI developers: During the rcutorture test performed on linux-stable 5.15.y in PPC VM of Open Source Lab of Oregon State University, A SCSI related bug is discovered [1]: [ 5.178733][ C1] BUG: Kernel NULL pointer dereference on read at 0x00000008 ... [ 5.231013][ C1] [c00000001ff9fca0] [c0000000009ffbc8] scsi_end_request+0xd8/0x1f0 (unreliable)^M [ 5.234961][ C1] [c00000001ff9fcf0] [c000000000a00e68] scsi_io_completion+0x88/0x700^M [ 5.237863][ C1] [c00000001ff9fda0] [c0000000009f5028] scsi_finish_command+0xe8/0x150^M [ 5.240089][ C1] [c00000001ff9fdf0] [c000000000a00c70] scsi_complete+0x90/0x140^M [ 5.242481][ C1] [c00000001ff9fe20] [c0000000007e5170] blk_complete_reqs+0x80/0xa0^M [ 5.245187][ C1] [c00000001ff9fe50] [c000000000f0b5d0] __do_softirq+0x1e0/0x4e0^M [ 5.248479][ C1] [c00000001ff9ff90] [c0000000000170e8] do_softirq_own_stack+0x48/0x60^M [ 5.250919][ C1] [c00000000a5e7c40] [c00000000a5e7c80] 0xc00000000a5e7c80^M [ 5.253792][ C1] [c00000000a5e7c70] [c0000000001534c0] do_softirq+0xb0/0xc0^M [ 5.256824][ C1] [c00000000a5e7ca0] [c0000000001535ac] __local_bh_enable_ip+0xdc/0x110^M [ 5.259414][ C1] [c00000000a5e7cc0] [c0000000001d75e8] irq_forced_thread_fn+0xc8/0xf0^M [ 5.261921][ C1] [c00000000a5e7d00] [c0000000001d7ae4] irq_thread+0x1b4/0x2a0^M [ 5.265298][ C1] [c00000000a5e7da0] [c00000000017d8c8] kthread+0x1a8/0x1d0^M [ 5.269184][ C1] [c00000000a5e7e10] [c00000000000cee4] By adding printk statement in the SCSI subsystem and perform rounds of qemu bootup, I found the bug is caused by following 'use after free' scenery: A) B) __scsi_scan_target scsi_probe_and_add_lun scsi_probe_lun scsi_execute_req __scsi_execute blk_execute_rq ---> req ---> time out __scsi_remove_device blk_cleanup_queue percpu_ref_exit(&q->q_usage_counter) scsi_end_request percpu_ref_put(&q->q_usage_counter) USE-AFTER-FREE Reported-by: Zhouyi Zhou <zhouzhouyi(a)gmail.com> Thanks for your intention Zhouyi [1] https://lore.kernel.org/lkml/CAABZP2wa_ZTHUr9tH_6OSpr+TgNACo4kMu3eawsGV5qkC…

2 years

1
0
0 0

+ squashfs-fix-handling-and-sanity-checking-of-xattr_ids-count.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: Squashfs: fix handling and sanity checking of xattr_ids count has been added to the -mm mm-hotfixes-unstable branch. Its filename is squashfs-fix-handling-and-sanity-checking-of-xattr_ids-count.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Phillip Lougher <phillip(a)squashfs.org.uk> Subject: Squashfs: fix handling and sanity checking of xattr_ids count Date: Fri, 27 Jan 2023 06:18:42 +0000 A Sysbot [1] corrupted filesystem exposes two flaws in the handling and sanity checking of the xattr_ids count in the filesystem. Both of these flaws cause computation overflow due to incorrect typing. In the corrupted filesystem the xattr_ids value is 4294967071, which stored in a signed variable becomes the negative number -225. Flaw 1 (64-bit systems only): The signed integer xattr_ids variable causes sign extension. This causes variable overflow in the SQUASHFS_XATTR_*(A) macros. The variable is first multiplied by sizeof(struct squashfs_xattr_id) where the type of the sizeof operator is "unsigned long". On a 64-bit system this is 64-bits in size, and causes the negative number to be sign extended and widened to 64-bits and then become unsigned. This produces the very large number 18446744073709548016 or 2^64 - 3600. This number when rounded up by SQUASHFS_METADATA_SIZE - 1 (8191 bytes) and divided by SQUASHFS_METADATA_SIZE overflows and produces a length of 0 (stored in len). Flaw 2 (32-bit systems only): On a 32-bit system the integer variable is not widened by the unsigned long type of the sizeof operator (32-bits), and the signedness of the variable has no effect due it always being treated as unsigned. The above corrupted xattr_ids value of 4294967071, when multiplied overflows and produces the number 4294963696 or 2^32 - 3400. This number when rounded up by SQUASHFS_METADATA_SIZE - 1 (8191 bytes) and divided by SQUASHFS_METADATA_SIZE overflows again and produces a length of 0. The effect of the 0 length computation: In conjunction with the corrupted xattr_ids field, the filesystem also has a corrupted xattr_table_start value, where it matches the end of filesystem value of 850. This causes the following sanity check code to fail because the incorrectly computed len of 0 matches the incorrect size of the table reported by the superblock (0 bytes). len = SQUASHFS_XATTR_BLOCK_BYTES(*xattr_ids); indexes = SQUASHFS_XATTR_BLOCKS(*xattr_ids); /* * The computed size of the index table (len bytes) should exactly * match the table start and end points */ start = table_start + sizeof(*id_table); end = msblk->bytes_used; if (len != (end - start)) return ERR_PTR(-EINVAL); Changing the xattr_ids variable to be "usigned int" fixes the flaw on a 64-bit system. This relies on the fact the computation is widened by the unsigned long type of the sizeof operator. Casting the variable to u64 in the above macro fixes this flaw on a 32-bit system. It also means 64-bit systems do not implicitly rely on the type of the sizeof operator to widen the computation. [1] https://lore.kernel.org/lkml/000000000000cd44f005f1a0f17f@google.com/ Link: https://lkml.kernel.org/r/20230127061842.10965-1-phillip@squashfs.org.uk Fixes: 506220d2ba21 ("squashfs: add more sanity checks in xattr id lookup") Signed-off-by: Phillip Lougher <phillip(a)squashfs.org.uk> Reported-by: <syzbot+082fa4af80a5bb1a9843(a)syzkaller.appspotmail.com> Cc: Alexey Khoroshilov <khoroshilov(a)ispras.ru> Cc: Fedor Pchelkin <pchelkin(a)ispras.ru> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- --- a/fs/squashfs/squashfs_fs.h~squashfs-fix-handling-and-sanity-checking-of-xattr_ids-count +++ a/fs/squashfs/squashfs_fs.h @@ -183,7 +183,7 @@ static inline int squashfs_block_size(__ #define SQUASHFS_ID_BLOCK_BYTES(A) (SQUASHFS_ID_BLOCKS(A) *\ sizeof(u64)) /* xattr id lookup table defines */ -#define SQUASHFS_XATTR_BYTES(A) ((A) * sizeof(struct squashfs_xattr_id)) +#define SQUASHFS_XATTR_BYTES(A) (((u64) (A)) * sizeof(struct squashfs_xattr_id)) #define SQUASHFS_XATTR_BLOCK(A) (SQUASHFS_XATTR_BYTES(A) / \ SQUASHFS_METADATA_SIZE) --- a/fs/squashfs/squashfs_fs_sb.h~squashfs-fix-handling-and-sanity-checking-of-xattr_ids-count +++ a/fs/squashfs/squashfs_fs_sb.h @@ -63,7 +63,7 @@ struct squashfs_sb_info { long long bytes_used; unsigned int inodes; unsigned int fragments; - int xattr_ids; + unsigned int xattr_ids; unsigned int ids; bool panic_on_errors; const struct squashfs_decompressor_thread_ops *thread_ops; --- a/fs/squashfs/xattr.h~squashfs-fix-handling-and-sanity-checking-of-xattr_ids-count +++ a/fs/squashfs/xattr.h @@ -10,12 +10,12 @@ #ifdef CONFIG_SQUASHFS_XATTR extern __le64 *squashfs_read_xattr_id_table(struct super_block *, u64, - u64 *, int *); + u64 *, unsigned int *); extern int squashfs_xattr_lookup(struct super_block *, unsigned int, int *, unsigned int *, unsigned long long *); #else static inline __le64 *squashfs_read_xattr_id_table(struct super_block *sb, - u64 start, u64 *xattr_table_start, int *xattr_ids) + u64 start, u64 *xattr_table_start, unsigned int *xattr_ids) { struct squashfs_xattr_id_table *id_table; --- a/fs/squashfs/xattr_id.c~squashfs-fix-handling-and-sanity-checking-of-xattr_ids-count +++ a/fs/squashfs/xattr_id.c @@ -56,7 +56,7 @@ int squashfs_xattr_lookup(struct super_b * Read uncompressed xattr id lookup table indexes from disk into memory */ __le64 *squashfs_read_xattr_id_table(struct super_block *sb, u64 table_start, - u64 *xattr_table_start, int *xattr_ids) + u64 *xattr_table_start, unsigned int *xattr_ids) { struct squashfs_sb_info *msblk = sb->s_fs_info; unsigned int len, indexes; _ Patches currently in -mm which might be from phillip(a)squashfs.org.uk are squashfs-fix-handling-and-sanity-checking-of-xattr_ids-count.patch

2 years

1
0
0 0

[PATCH] highmem: Round down the address passed to kunmap_flush_on_unmap()

by Matthew Wilcox (Oracle)

We already round down the address in kunmap_local_indexed() which is the other implementation of __kunmap_local(). The only implementation of kunmap_flush_on_unmap() is PA-RISC which is expecting a page-aligned address. This may be causing PA-RISC to be flushing the wrong addresses currently. Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Fixes: 298fa1ad5571 ("highmem: Provide generic variant of kmap_atomic*") Cc: stable(a)vger.kernel.org --- include/linux/highmem-internal.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/linux/highmem-internal.h b/include/linux/highmem-internal.h index 034b1106d022..e098f38422af 100644 --- a/include/linux/highmem-internal.h +++ b/include/linux/highmem-internal.h @@ -200,7 +200,7 @@ static inline void *kmap_local_pfn(unsigned long pfn) static inline void __kunmap_local(const void *addr) { #ifdef ARCH_HAS_FLUSH_ON_KUNMAP - kunmap_flush_on_unmap(addr); + kunmap_flush_on_unmap(PTR_ALIGN_DOWN(addr, PAGE_SIZE)); #endif } @@ -227,7 +227,7 @@ static inline void *kmap_atomic_pfn(unsigned long pfn) static inline void __kunmap_atomic(const void *addr) { #ifdef ARCH_HAS_FLUSH_ON_KUNMAP - kunmap_flush_on_unmap(addr); + kunmap_flush_on_unmap(PTR_ALIGN_DOWN(addr, PAGE_SIZE)); #endif pagefault_enable(); if (IS_ENABLED(CONFIG_PREEMPT_RT)) -- 2.35.1

2 years

2
1
0 0

[PATCH v1] Revert "mm: kmemleak: alloc gray object for reserved region with direct map"

by Isaac J. Manjarres

This reverts commit 972fa3a7c17c9d60212e32ecc0205dc585b1e769. Kmemleak operates by periodically scanning memory regions for pointers to allocated memory blocks to determine if they are leaked or not. However, reserved memory regions can be used for DMA transactions between a device and a CPU, and thus, wouldn't contain pointers to allocated memory blocks, making them inappropriate for kmemleak to scan. Thus, revert this commit. Cc: stable(a)vger.kernel.org # 5.17+ Cc: Calvin Zhang <calvinzhang.cool(a)gmail.com> Signed-off-by: Isaac J. Manjarres <isaacmanjarres(a)google.com> --- drivers/of/fdt.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c index f08b25195ae7..d1a68b6d03b3 100644 --- a/drivers/of/fdt.c +++ b/drivers/of/fdt.c @@ -26,7 +26,6 @@ #include <linux/serial_core.h> #include <linux/sysfs.h> #include <linux/random.h> -#include <linux/kmemleak.h> #include <asm/setup.h> /* for COMMAND_LINE_SIZE */ #include <asm/page.h> @@ -525,12 +524,9 @@ static int __init __reserved_mem_reserve_reg(unsigned long node, size = dt_mem_next_cell(dt_root_size_cells, &prop); if (size && - early_init_dt_reserve_memory(base, size, nomap) == 0) { + early_init_dt_reserve_memory(base, size, nomap) == 0) pr_debug("Reserved memory: reserved region for node '%s': base %pa, size %lu MiB\n", uname, &base, (unsigned long)(size / SZ_1M)); - if (!nomap) - kmemleak_alloc_phys(base, size, 0); - } else pr_err("Reserved memory: failed to reserve memory for node '%s': base %pa, size %lu MiB\n", uname, &base, (unsigned long)(size / SZ_1M)); -- 2.39.1.405.gd4c25cc71f-goog

2 years

4
3
0 0

[PATCH 4.19 00/37] 4.19.271-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.271 release. There are 37 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue, 24 Jan 2023 15:02:08 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.271-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.271-rc1 YingChi Long <me(a)inclyc.cn> x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "ext4: generalize extents status tree search functions" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "ext4: add new pending reservation mechanism" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "ext4: fix reserved cluster accounting at delayed write time" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline" Khazhismel Kumykov <khazhy(a)chromium.org> gsmi: fix null-deref in gsmi_get_variable Tobias Schramm <t.schramm(a)manjaro.org> serial: atmel: fix incorrect baudrate setup Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> serial: pch_uart: Pass correct sg to dma_unmap_sg() Juhyung Park <qkrwngud825(a)gmail.com> usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 Maciej Żenczykowski <maze(a)google.com> usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() Daniel Scally <dan.scally(a)ideasonboard.com> usb: gadget: g_webcam: Send color matching descriptor per frame Prashant Malani <pmalani(a)chromium.org> usb: typec: altmodes/displayport: Fix pin assignment calculation Prashant Malani <pmalani(a)chromium.org> usb: typec: altmodes/displayport: Add pin assignment helper Alexander Stein <alexander.stein(a)ew.tq-group.com> usb: host: ehci-fsl: Fix module alias Michael Adler <michael.adler(a)siemens.com> USB: serial: cp210x: add SCALANCE LPE-9000 device id Enzo Matsumiya <ematsumiya(a)suse.de> cifs: do not include page data when checking signature Samuel Holland <samuel(a)sholland.org> mmc: sunxi-mmc: Fix clock refcount imbalance during unbind Ian Abbott <abbotti(a)mev.co.uk> comedi: adv_pci1760: Fix PWM instruction handling Flavio Suligoi <f.suligoi(a)asem.it> usb: core: hub: disable autosuspend for TI TUSB8041 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 Duke Xin(辛安文) <duke_xinanwen(a)163.com> USB: serial: option: add Quectel EM05CN modem Duke Xin(辛安文) <duke_xinanwen(a)163.com> USB: serial: option: add Quectel EM05CN (SG) modem Ali Mirghasemi <ali.mirghasemi1376(a)gmail.com> USB: serial: option: add Quectel EC200U modem Duke Xin(辛安文) <duke_xinanwen(a)163.com> USB: serial: option: add Quectel EM05-G (RS) modem Duke Xin(辛安文) <duke_xinanwen(a)163.com> USB: serial: option: add Quectel EM05-G (CS) modem Duke Xin(辛安文) <duke_xinanwen(a)163.com> USB: serial: option: add Quectel EM05-G (GR) modem Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> prlimit: do_prlimit needs to have a speculation check Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Add a flag to disable USB3 lpm on a xhci root port level. Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix null pointer dereference when host dies Jimmy Hu <hhhuuu(a)google.com> usb: xhci: Check endpoint is valid before dereferencing it Ricardo Ribalda <ribalda(a)chromium.org> xhci-pci: set the dma max_seg_size Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix general protection fault in nilfs_btree_insert() Shawn.Shao <shawn.shao(a)jaguarmicro.com> Add exception protection processing for vd in axi_chan_handle_err function Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: let's avoid panic if extent_tree is not created Jiri Slaby (SUSE) <jirislaby(a)kernel.org> RDMA/srp: Move large values to a new enum for gcc13 Daniil Tatianin <d-tatianin(a)yandex-team.ru> net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats Olga Kornievskaia <olga.kornievskaia(a)gmail.com> pNFS/filelayout: Fix coalescing test for single DS ------------- Diffstat: Makefile | 4 +- arch/x86/kernel/fpu/init.c | 7 +- drivers/dma/dw-axi-dmac/dw-axi-dmac-platform.c | 6 + drivers/firmware/google/gsmi.c | 7 +- drivers/infiniband/ulp/srp/ib_srp.h | 8 +- drivers/mmc/host/sunxi-mmc.c | 8 +- drivers/staging/comedi/drivers/adv_pci1760.c | 2 +- drivers/tty/serial/atmel_serial.c | 8 +- drivers/tty/serial/pch_uart.c | 2 +- drivers/usb/core/hub.c | 13 + drivers/usb/gadget/function/f_ncm.c | 4 +- drivers/usb/gadget/legacy/webcam.c | 3 + drivers/usb/host/ehci-fsl.c | 2 +- drivers/usb/host/xhci-pci.c | 2 + drivers/usb/host/xhci-ring.c | 5 +- drivers/usb/host/xhci.c | 13 + drivers/usb/host/xhci.h | 1 + drivers/usb/misc/iowarrior.c | 2 +- drivers/usb/serial/cp210x.c | 1 + drivers/usb/serial/option.c | 17 ++ drivers/usb/storage/uas-detect.h | 13 + drivers/usb/storage/unusual_uas.h | 7 - drivers/usb/typec/altmodes/displayport.c | 22 +- fs/cifs/smb2pdu.c | 15 +- fs/ext4/ext4.h | 8 +- fs/ext4/extents.c | 139 +++------ fs/ext4/extents_status.c | 389 ++----------------------- fs/ext4/extents_status.h | 76 +---- fs/ext4/inode.c | 92 ++---- fs/ext4/super.c | 8 - fs/f2fs/extent_cache.c | 3 +- fs/nfs/filelayout/filelayout.c | 8 + fs/nilfs2/btree.c | 15 +- include/trace/events/ext4.h | 39 +-- kernel/sys.c | 2 + net/core/ethtool.c | 3 +- 36 files changed, 238 insertions(+), 716 deletions(-)

2 years

6
46
0 0

[PATCH 2/2] io_uring: add reschedule point to handle_tw_list()

by Jens Axboe

If CONFIG_PREEMPT_NONE is set and the task_work chains are long, we could be running into issues blocking others for too long. Add a reschedule check in handle_tw_list(), and flush the ctx if we need to reschedule. Cc: stable(a)vger.kernel.org # 5.10+ Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- io_uring/io_uring.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index bb8a532b051e..bc8845de2829 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -1179,10 +1179,16 @@ static unsigned int handle_tw_list(struct llist_node *node, /* if not contended, grab and improve batching */ *locked = mutex_trylock(&(*ctx)->uring_lock); percpu_ref_get(&(*ctx)->refs); - } + } else if (!*locked) + *locked = mutex_trylock(&(*ctx)->uring_lock); req->io_task_work.func(req, locked); node = next; count++; + if (unlikely(need_resched())) { + ctx_flush_and_put(*ctx, locked); + *ctx = NULL; + cond_resched(); + } } return count; -- 2.39.0

2 years

1
0
0 0

[PATCH 1/2] io_uring: add a conditional reschedule to the IOPOLL cancelation loop

by Jens Axboe

If the kernel is configured with CONFIG_PREEMPT_NONE, we could be sitting in a tight loop reaping events but not giving them a chance to finish. This results in a trace ala: rcu: INFO: rcu_sched self-detected stall on CPU rcu: 2-...!: (5249 ticks this GP) idle=935c/1/0x4000000000000000 softirq=4265/4274 fqs=1 (t=5251 jiffies g=465 q=4135 ncpus=4) rcu: rcu_sched kthread starved for 5249 jiffies! g465 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 rcu: Unless rcu_sched kthread gets sufficient CPU time, OOM is now expected behavior. rcu: RCU grace-period kthread stack dump: task:rcu_sched state:R running task stack:0 pid:12 ppid:2 flags:0x00000008 Call trace: __switch_to+0xb0/0xc8 __schedule+0x43c/0x520 schedule+0x4c/0x98 schedule_timeout+0xbc/0xdc rcu_gp_fqs_loop+0x308/0x344 rcu_gp_kthread+0xd8/0xf0 kthread+0xb8/0xc8 ret_from_fork+0x10/0x20 rcu: Stack dump where RCU GP kthread last ran: Task dump for CPU 0: task:kworker/u8:10 state:R running task stack:0 pid:89 ppid:2 flags:0x0000000a Workqueue: events_unbound io_ring_exit_work Call trace: __switch_to+0xb0/0xc8 0xffff0000c8fefd28 CPU: 2 PID: 95 Comm: kworker/u8:13 Not tainted 6.2.0-rc5-00042-g40316e337c80-dirty #2759 Hardware name: linux,dummy-virt (DT) Workqueue: events_unbound io_ring_exit_work pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) pc : io_do_iopoll+0x344/0x360 lr : io_do_iopoll+0xb8/0x360 sp : ffff800009bebc60 x29: ffff800009bebc60 x28: 0000000000000000 x27: 0000000000000000 x26: ffff0000c0f67d48 x25: ffff0000c0f67840 x24: ffff800008950024 x23: 0000000000000001 x22: 0000000000000000 x21: ffff0000c27d3200 x20: ffff0000c0f67840 x19: ffff0000c0f67800 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000001 x13: 0000000000000001 x12: 0000000000000000 x11: 0000000000000179 x10: 0000000000000870 x9 : ffff800009bebd60 x8 : ffff0000c27d3ad0 x7 : fefefefefefefeff x6 : 0000646e756f626e x5 : ffff0000c0f67840 x4 : 0000000000000000 x3 : ffff0000c2398000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: io_do_iopoll+0x344/0x360 io_uring_try_cancel_requests+0x21c/0x334 io_ring_exit_work+0x90/0x40c process_one_work+0x1a4/0x254 worker_thread+0x1ec/0x258 kthread+0xb8/0xc8 ret_from_fork+0x10/0x20 Add a cond_resched() in the cancelation IOPOLL loop to fix this. Cc: stable(a)vger.kernel.org # 5.10+ Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- io_uring/io_uring.c | 1 + 1 file changed, 1 insertion(+) diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index 80b6204769e8..bb8a532b051e 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -3162,6 +3162,7 @@ static __cold bool io_uring_try_cancel_requests(struct io_ring_ctx *ctx, while (!wq_list_empty(&ctx->iopoll_list)) { io_iopoll_try_reap_events(ctx); ret = true; + cond_resched(); } } -- 2.39.0

2 years

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror January 2023